[Samba] Replication not working for remote Domain Controller

Rowland penny rpenny at samba.org
Tue Dec 17 16:48:31 UTC 2019 

On 17/12/2019 16:28, shacky wrote:
> Hi, sorry for the late reply!
>
>     ldbsearch --cross-ncs -H /var/lib/samba/private/sam.ldb -b
>     'DC=samdom.example.com
>     <http://samdom.example.com>,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com'
>
>     -s sub '(objectclass=dnsnode)' | grep dn:
>
>
> I receive an empty output:
>
> ================================== 8< 
> ==========================================
> root at dc1:/ (17:23:33)# ldbsearch --cross-ncs -H 
> /var/lib/samba/private/sam.ldb -b 'DC=my.domain.com 
> <http://my.domain.com>,CN=MicrosoftDNS,DC=DomainDnsZones,DC=my,DC=domain,DC=com' 
> -s sub '(objectclass=dnsnode)' | grep dn
>
> root at dc1:/ (17:23:36)#
> ================================== 8< 
> ==========================================
> root at dc2:/# ldbsearch --cross-ncs -H /var/lib/samba/private/sam.ldb -b 
> 'DC=my.domain.com 
> <http://my.domain.com>,CN=MicrosoftDNS,DC=DomainDnsZones,DC=my,DC=domain,DC=com' 
> -s sub '(objectclass=dnsnode)' | grep dn
> root at dc2:/#
> ================================== 8< 
> ==========================================
> root at dc4:/# ldbsearch --cross-ncs -H /var/lib/samba/private/sam.ldb -b 
> 'DC=my.domain.com 
> <http://my.domain.com>,CN=MicrosoftDNS,DC=DomainDnsZones,DC=my,DC=domain,DC=com' 
> -s sub '(objectclass=dnsnode)' | grep dn
> root at dc4:/#
> ================================== 8< 
> ==========================================
>
>     Was it provisioned as a Samba domain and if so, what Samba version
>     was
>     it ? Or was it originally a Windows domain and again, if it was, what
>     was the original Windows version.
>
>
> It was provisioned many years ago on a Windows Server 2003.
This means that you are not running a domain integrated DNS server, or 
to put it another way, you are missing hugh chunks of AD.
> One year ago I migrated it on Samba 4 using two Zentyal virtual 
> machines as domain controllers and some weeks ago I added a third 
> domain controller on the remote site (I then wish to add a fourth one 
> on the remote site to have a failover there).

In the last year this has come up a few times, try reading this:

https://support.microsoft.com/en-gb/help/817470/how-to-reconfigure-an-msdcs-subdomain-to-a-forest-wide-dns-application

It looks like we need a tool to correct AD :-(

Rowland

More information about the samba mailing list